Secure Version Control — In the Cloud

Assembla Enterprise Cloud Version Control is the most secure version control platform in the world. We help companies embrace agile, meet compliance, and stay innovative while keeping source code safe.


Risk Management Planning & Process

Our operational playbook includes a bottom-up evaluation of the risks to security, risk mitigation techniques, and ongoing areas of investment to further reduce risks.

A 24/7/365 DevOps team continuously monitors network access and traffic using real-time intrusion monitors. Data Centers and production access is restricted to admins with individual user credentials. Passwords are never stored directly in the database, and all API and API communication between you and Assembla is conducted using the strongest encryption standards.

Data Security

Assembla replicates data and repositories in real-time across multiple geographically diverse locations and offers multiple additional disaster recovery options including redundant backups in AWS and Azure. Encrypted, monitored, backed up, secure.

SDLC: Secure Software Development Lifecycle

We are passionate about agile software development, continuous integration and delivery. Assembla uses HackerOne, a leading premier vulnerability coordination platform to provide proactive vulnerability dectection. Our team manages inbound reports from the HackerOne community and quickly remediates issue to ensure the safety and security of your repositories.

Join our private bug program


Over a hundred years of combined Security experience running mission critical workloads in the cloud make up the fabric of our Security teams. We use behavioral analysis, static rules, and custom filters looking for zero-day exploits.

We use Static Rules (User definitions such as IP address, HTTP header content, country, and session ID) and Dynamic Filtering (Behavioral and reputational filtering of threat data automatically and in real-time) in our security stack.

We also believe in strong Layer 7 Protection (Top layer firewall for threat detection, mitigation and syndication) with our partners Cloudflare.

Assembla lets you move development to the cloud while maintaining your regulatory & security requirements.

Assembla is also fully certified on PrivacyShield. The full report is available on request.

Assembla has successfully completed the Cloud Security Alliance STAR self assessment.

We are Level 3 PCI certified and partner with Level 1 provider Chargify to process transactions. Download our PCI DSS certificate here.

Our security controls are audited each year, following the AICPA SSAE-16 SOC 2 guidelines for the Security and Availability principles. The full report is available on request.

All Assembla Cloud Services follow DevOps principles and are using automated, continuous deployment for all application code.

Download the Free Whitepaper

How Assembla Approaches Security

Managed Private Cloud

Assembla offers multiple infrastructure design options including managed private cloud. Global deployment options with multi-node infrastructure in North America, EMEA and APAC. Can be customized to meet unique compliance security and SLA requirements up to 99.99%.

Our Security Roadmap

Assembla is fully committed to GPDR and HIPAA compliance in 2018.